The malicious commit was designed to be confusing, as noted in the first comment of the investigation:
> but calls to safe_fprintf were replaced with calls to the unsafe fprintf. The diff doesn't make this obvious due to the removal of a newline in a parameter list.

It wasn't noticed because it was specifically designed not to be obvious.
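A reviewer-side check for the pattern described above, as an added example that is not part of the original comment or the investigation: it joins each hunk's removed and added lines before extracting call names, so a renamed call is reported even when the argument list was reflowed in the same change. The sample diff is constructed, and the `wrapper_stripped` heuristic (old name ends with the new name) is an assumption of this sketch.

```python
import re
from collections import Counter

CALL = re.compile(r"\b([A-Za-z_]\w*)\s*\(")
KEYWORDS = {"if", "for", "while", "switch", "return", "sizeof"}

# Constructed sample (not the real commit): the call is renamed and a newline
# in its parameter list is removed in the same hunk.
SAMPLE_DIFF = r'''diff --git a/util.c b/util.c
--- a/util.c
+++ b/util.c
@@ -10,5 +10,4 @@ static void report(FILE *out, const char *name)
     if (verbose) {
-        safe_fprintf(out,
-            "%s: %s\n", name, msg);
+        fprintf(out, "%s: %s\n", name, msg);
     }
     return;
'''

def call_names(lines):
    # Join first, so a call split across lines tokenizes like a one-line call.
    text = " ".join(l.strip() for l in lines)
    return Counter(n for n in CALL.findall(text) if n not in KEYWORDS)

def changed_calls(diff_text):
    """Return one finding per hunk whose set of called functions changed."""
    findings, path, hunk, old, new = [], None, None, [], []
    for line in diff_text.splitlines() + ["@@"]:  # sentinel flushes last hunk
        if line.startswith(("@@", "diff --git")):
            if hunk is not None:
                removed, added = call_names(old), call_names(new)
                dropped, introduced = removed - added, added - removed
                if dropped or introduced:
                    stripped = sorted((o, n) for o in dropped for n in introduced
                                      if o != n and o.endswith(n))
                    findings.append({"file": path, "hunk": hunk, "dropped": sorted(dropped),
                                     "introduced": sorted(introduced), "wrapper_stripped": stripped})
            hunk = line if line.startswith("@@") else None
            old, new = [], []
        elif hunk is None and line.startswith("+++ "):
            path = line[4:].strip()  # file header, only valid outside a hunk
        elif hunk is not None and line.startswith("-"):
            old.append(line[1:])
        elif hunk is not None and line.startswith("+"):
            new.append(line[1:])
    return findings

print(changed_calls(SAMPLE_DIFF))
```

A hunk that only reflows a parameter list produces no finding, so the output is limited to hunks where the called function itself changed.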